I recently noticed my computer was slower, I performed a boot scan and found two adware viruses which were removed, soon after that someone received an emailed spam link form my account, I performed a second boot scan and the nothing was found, yet several people are receiving messages from my email. Clearly my email has been hacked. Ccan you help me remove these viruses?
Thank you
Hi there,
please follow this guide and attach the requested logs: https://forum.avast.com/index.php?topic=53253.0
How do you access your mail?.. using a mail client, or as webmail using your browser
It isn’t clear that your email has been hacked or not.
It could be that your email address has been harvested and added to a spammers list - they not only send out spam to you but also use your email in the from address. This makes it look like it came from you and dumb email servers (and users) bounce the email back to the from address, incorrectly and you get the blame.
Your email can get harvested easily, if you publish it anywhere on-line, or people that you send/receive email could become infected and their email addressbook is harvested.
So it isn’t as clear cut as you or they might think.
If you were truly sending out lots of email (from your computer, not via your browser) s p a m, then avast is likely to detect that (set heuristic settings to high). Or your ISP may be likely to notice the volume of emails being sent.
You should change your passwords (dont use your cat/dog name or something easy) after your computer has been checked for malware
Follow instructions in post from Steven
Password generator: https://identitysafe.norton.com/password-generator
Thank you so much. I did as told, I tried replying to this earlier but I am not sure the reply was posted, so I will post again. I apologize if this is a repeated post. I am attaching the logs from the various scans.
And yes,David is right, it was harvested, the sender was actually (email deleted). I access my email trough Google. I think they hacked my yahoo account.
Once you guys tell me it’s done, I will change my passwords. Thanks again, I really appreciate all you are doing.
Removal team is notified. It may take some hours before anyone is online
Whilst I am looking at the logs change your e-mail passwords now as it looks like an online hack
You have attached two additions.txt Could you attach the main FRST.txt please
Best to obfuscate that email address (so it doesn’t get harvested) as I have done in the quoted text. Who knows, that may well be an innocent bystander also, but always best to be careful and not publish emails on-line.
Sorry, here it is
I hadn’t thought that email might be another “victim” . Good point , will be more careful
You can use the Modify icon in that post to be able to obfuscate/edit or remove the email address.
Thanks, done.
Are you experiencing any problems ?
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File CHR StartupUrls: Default -> "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=8C77247703C32EC0&affID=119351&tt=040813_11&tsp=4964" Task: {6D6CD300-BD69-4397-AB06-DC5701EAA896} - \DSite No Task File <==== ATTENTION EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
I am attaching the fixlog, but the computer keeps blocking AdwCleaner saying it is not a valid Win32 application. Can you please help me bypass this? Thanks.
Also, I tried turning off Avast and my firewalls, but still AdwCleaner won’t run, I keep getting the same "AdwCleaner is not a Win 32"message.
It worked!!
Thanks He.re is the log from the AdwCleaner scan. The fixlog is above